Almost 60 percent of the vulnerabilities in computing systems used by exploit kits are over two years old, and the majority of exploit kit development takes place in Russia, according to a new study by Solutionary's Security Engineering Research Team (SERT).

The research paper (registration required) said that out of 26 exploit kits analyzed by SERT, 70 percent were either released or created in Russia, with China and Brazil the other most popular regions for exploit kit development.

SERT's report also suggested that despite a number of high-profile DDoS attacks--including hits on financial institutions, Wikileaks, and Demonoid--in Q4 2012, there was a slight reduction in reported attacks. Authentication security attacks and the presence of malware increased.

The fact that cyber criminals are able to penetrate network defenses by targeting aging vulnerabilities and using old techniques demonstrates that many organizations are still playing catch-up when it comes to cyber security. Tight budgets, an inability to convince stakeholders at all levels that security should be a priority, and a shortage of research resources could be among the reasons why many security and risk teams are continuing to operate in reactive mode.

Many organizations are not patching security flaws properly, the report found. A lack of updates means that some of the oldest exploit code found in kits--dating back to 2004 in some cases--can still be used to wreak havoc. However, the security team also found that the popular BlackHole 2.0 kit exploits fewer vulnerabilities in comparison to a number of other kits that are openly available. Phoenix, for example, is the most versatile, being able to exploit 16 percent of all bugs.

In addition, SERT said that the majority of malware--67 percent--is not detected by the majority of anti-virus or anti-malware software, and roughly 30 percent of the samples were traced back to JavaScript malware variants used for redirection, obfuscation, and encryption, which are all used with the BlackHole exploit kit.

Charlie Osborne, a medical anthropologist who studied at the University of Kent, UK, is a journalist, freelance photographer and former teacher.
She has spent years travelling and working across Europe and the Middle East as a teacher, and has been involved in the running of businesses ranging from media and events to B2B sales.